Recipe 11.9. Script: Mass Admin Password Changer

What do you do when someone who knows the administrator passwords for your systems leaves your company? Do you go to all of your servers and change the passwords? You should. Do you periodically change all the administrator passwords on your systems by hand? That's where this script comes in handy. All you need to do is create a text file that contains a list of servers, set the new password in the code, and run the script with an account that has administrative privileges on those servers. This way you can quickly change the administrator password on a bunch of servers. Here is the code:

    Option Explicit
    On Error Resume Next

    ' Input list of servers (one per line) and the two result logs
    Dim strServerList   : strServerList   = "c:\servers.txt"
    Dim strServerPass   : strServerPass   = "c:\pass.txt"
    Dim strServerFail   : strServerFail   = "c:\fail.txt"
    Dim strAdminAccount : strAdminAccount = "administrator"
    ' The new password is stored here in clear text; restrict access to this script
    Dim strNewPassword  : strNewPassword  = "My!New!Password"

    Dim objFSO, objServersFile, objPassFile, objFailFile
    Dim strServer, objAdmin
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objServersFile = objFSO.OpenTextFile(strServerList)
    Set objPassFile = objFSO.CreateTextFile(strServerPass)
    Set objFailFile = objFSO.CreateTextFile(strServerFail)

    ' Stop here if any file could not be opened; otherwise the loop below never ends
    If Err Then
        WScript.Echo "Could not open files: " & Err.Description
        WScript.Quit 1
    End If

    Do While Not objServersFile.AtEndOfStream
        strServer = objServersFile.ReadLine

        ' Bind to the local administrator account on the remote server
        Set objAdmin = GetObject("WinNT://" & strServer & "/" _
                                 & strAdminAccount & ",user")
        If Err Then
            objFailFile.WriteLine strServer & " failed: " & Err.Description
            Err.Clear
        Else
            objAdmin.SetPassword strNewPassword
            objAdmin.SetInfo
            If Err Then
                objFailFile.WriteLine strServer & " failed: " & Err.Description
                Err.Clear
            Else
                objPassFile.WriteLine strServer & " successful"
            End If
        End If
    Loop

    WScript.Echo "Complete."

    ' Close open files
    objServersFile.Close
    objFailFile.Close
    objPassFile.Close

The code is pretty straightforward, but if you'd rather piece together a long command line, I may be able to help there as well.
I'm now going to present three different commands that do essentially the same thing as the script, except each pulls the list of servers to change the password on from a different source. They all use the Sysinternals pspasswd command to remotely change passwords. The first does exactly what the script does by iterating over a list of servers in a text file (called c:\servers.txt):

    > for /f %v in (c:\servers.txt) do pspasswd \\%v -u administrator -p <Current> <New>

If you want to change the password on just a handful of servers, you may not want to create a text file. With the following command, you can specify the list of hosts:

    > for %v in (localhost,srv01,srv02) do pspasswd \\%v -u administrator -p <Current> <New>

Lastly, you may want to pull your list of servers from Active Directory. The following command iterates over all the computers contained in the cn=Computers container in the dc=rallencorp,dc=com domain while running on a Windows Server 2003 computer:

    > for /f "usebackq" %v in (`dsquery computer "cn=computers,dc=rallencorp,dc=com" -limit 0 -o rdn`) do pspasswd \\%~v -u administrator -p <Current> <New>
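
After a mass change, it is worth confirming that every server actually took the new password. The following follow-up check is an added example, not part of the original recipe: it reads the same c:\servers.txt and uses the PasswordAge property of the WinNT provider to flag servers whose administrator password is older than a threshold. The c:\stale.txt file name and the one-hour threshold are assumptions.

```vbscript
Option Explicit
On Error Resume Next

' Assumptions (not from the original recipe): the output file name and the
' one-hour threshold are hypothetical; adjust both to your environment.
Const MAX_AGE_SECONDS = 3600
Dim strServerList   : strServerList   = "c:\servers.txt"
Dim strStaleFile    : strStaleFile    = "c:\stale.txt"
Dim strAdminAccount : strAdminAccount = "administrator"

Dim objFSO, objServersFile, objStaleFile, objAdmin
Dim strServer, lngAge, intChecked, intFlagged
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objServersFile = objFSO.OpenTextFile(strServerList)
Set objStaleFile = objFSO.CreateTextFile(strStaleFile)
If Err.Number <> 0 Then
    WScript.Echo "Could not open files: " & Err.Description
    WScript.Quit 1
End If

intChecked = 0 : intFlagged = 0
Do While Not objServersFile.AtEndOfStream
    strServer = Trim(objServersFile.ReadLine)
    If strServer <> "" Then
        intChecked = intChecked + 1
        Set objAdmin = GetObject("WinNT://" & strServer & "/" _
                                 & strAdminAccount & ",user")
        ' PasswordAge is the number of seconds since the last password change
        If Err.Number = 0 Then lngAge = objAdmin.PasswordAge
        If Err.Number <> 0 Then
            ' Unreachable server or missing account: cannot confirm the change
            objStaleFile.WriteLine strServer & " unverified: " & Err.Description
            Err.Clear
            intFlagged = intFlagged + 1
        ElseIf lngAge > MAX_AGE_SECONDS Then
            objStaleFile.WriteLine strServer & " stale: password last changed " _
                                   & (lngAge \ 3600) & " hours ago"
            intFlagged = intFlagged + 1
        End If
    End If
Loop

WScript.Echo intChecked & " servers checked, " & intFlagged & " need attention."
objServersFile.Close
objStaleFile.Close
```

Run it with the same administrative account shortly after the password change; any server listed in the output file still needs its password changed by hand or in a second pass.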